This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/0UjAR0lwkfGnKW_I34st30o5zcY.roa
File:                     0UjAR0lwkfGnKW_I34st30o5zcY.roa (raw, json)
Hash identifier:          SaYOr18FPTLyjkppn6MTCghoM1FqQpX991KVnAvsKI4=
Subject key identifier:   D1:48:C0:47:49:70:91:F1:A7:29:6F:C8:DF:8B:2D:DF:4A:39:CD:C6
Certificate issuer:       /CN=1c2ac1246a2e0ea97a0c2295b73ddbe006d0ed2c
Certificate serial:       019B78A33FF386E11CB0CDAC3A81B891A618
Authority key identifier: 1C:2A:C1:24:6A:2E:0E:A9:7A:0C:22:95:B7:3D:DB:E0:06:D0:ED:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HCrBJGouDql6DCKVtz3b4AbQ7Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/0UjAR0lwkfGnKW_I34st30o5zcY.roa
Signing time:             Thu 01 Jan 2026 08:18:43 +0000
ROA not before:           Thu 01 Jan 2026 08:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48769
IP address blocks:        194.153.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/HCrBJGouDql6DCKVtz3b4AbQ7Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/HCrBJGouDql6DCKVtz3b4AbQ7Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HCrBJGouDql6DCKVtz3b4AbQ7Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:3f:f3:86:e1:1c:b0:cd:ac:3a:81:b8:91:a6:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c2ac1246a2e0ea97a0c2295b73ddbe006d0ed2c
        Validity
            Not Before: Jan  1 08:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d148c047497091f1a7296fc8df8b2ddf4a39cdc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:50:19:9e:15:5c:d2:a8:23:68:29:ff:52:68:
                    9e:2d:f0:64:72:f9:13:4b:d1:7b:9a:fb:29:71:0f:
                    e2:dd:94:aa:cc:9a:99:42:6b:fd:ba:db:ba:34:5c:
                    7c:d5:6f:14:a5:d9:7a:c1:d0:e1:fb:69:cc:f8:f6:
                    69:4a:21:9e:7e:57:e4:41:3e:9b:1e:32:95:04:6e:
                    62:87:08:61:5b:f4:fa:54:12:ce:39:34:09:1e:5a:
                    3e:76:1f:48:27:7d:93:21:ee:0b:fd:1b:9f:56:35:
                    e8:f1:50:96:e2:aa:f5:66:fb:c0:5a:ef:f0:76:15:
                    12:34:95:42:34:a0:60:38:2d:28:d7:56:e5:af:fe:
                    5b:90:ca:f1:e8:97:68:80:0f:35:a9:7d:a9:54:52:
                    e4:24:1a:7b:87:1f:72:59:b4:bf:c3:c7:ea:05:a1:
                    0e:8b:35:23:35:a4:3e:c9:f3:55:ca:20:5f:40:90:
                    65:3c:67:54:50:ab:06:d7:38:fe:8a:42:1f:a4:98:
                    35:25:d7:4d:78:8b:1d:b7:94:a5:b9:3e:b2:fd:b3:
                    e5:14:cf:2c:c0:a5:6c:ad:83:da:fd:df:4a:ed:1b:
                    e7:da:e3:90:d5:71:e5:fa:bf:f7:92:8e:41:29:00:
                    b3:96:65:a8:72:30:71:95:1d:d7:f8:24:96:51:3a:
                    a6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:48:C0:47:49:70:91:F1:A7:29:6F:C8:DF:8B:2D:DF:4A:39:CD:C6
            X509v3 Authority Key Identifier:
                keyid:1C:2A:C1:24:6A:2E:0E:A9:7A:0C:22:95:B7:3D:DB:E0:06:D0:ED:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HCrBJGouDql6DCKVtz3b4AbQ7Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/0UjAR0lwkfGnKW_I34st30o5zcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0de7e1-bf7f-434f-9591-8d46e09df9f3/1/HCrBJGouDql6DCKVtz3b4AbQ7Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:d7:48:65:f4:e7:d0:15:96:cb:c5:77:a0:0e:8a:45:8d:44:
         f4:7d:11:f7:51:d2:a7:ff:3c:94:11:a5:0b:11:c3:d6:55:69:
         55:f8:81:e7:3a:6e:e8:aa:31:f7:fc:f4:69:c6:03:bb:ce:6f:
         9f:f9:16:0d:cd:32:84:0a:93:46:9a:50:ed:9d:83:49:3d:2b:
         1b:11:bc:8f:a9:32:76:e6:17:5a:c1:30:7e:3a:6f:fd:a0:38:
         9c:9e:7d:29:4a:b3:46:2c:95:8e:1f:bd:c5:08:f9:d8:51:2d:
         e6:22:1f:45:e0:dd:9f:e7:88:f8:57:d6:c5:78:9a:4d:9e:c9:
         de:56:20:3d:e0:4a:73:98:ef:b7:3a:a7:12:09:17:b8:9f:a5:
         e5:57:50:fc:e9:cc:2e:b6:fb:ff:33:56:3c:42:a4:a7:0e:4d:
         de:9a:f2:64:a7:cf:4d:ce:99:69:32:d5:60:83:c8:93:ee:01:
         9a:59:7a:3b:ff:db:46:62:ac:80:fc:15:b1:14:84:e4:de:b5:
         be:12:e9:86:7f:f9:0a:21:08:b1:43:0b:7d:c6:63:94:7a:30:
         d8:12:11:d7:b7:94:fe:67:18:24:73:8a:f2:54:c5:8f:bc:9d:
         06:62:34:6a:74:d3:e7:ce:8d:b2:a6:1e:d9:68:d0:90:42:0f:
         0c:87:fb:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oz/zhuEcsM2sOoG4kaYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMmFjMTI0NmEyZTBlYTk3YTBjMjI5NWI3M2RkYmUwMDZk
MGVkMmMwHhcNMjYwMTAxMDgxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQ4YzA0NzQ5NzA5MWYxYTcyOTZmYzhkZjhiMmRkZjRhMzljZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFAZnhVc0qgjaCn/UmieLfBkcvkT
S9F7mvspcQ/i3ZSqzJqZQmv9utu6NFx81W8Updl6wdDh+2nM+PZpSiGeflfkQT6b
HjKVBG5ihwhhW/T6VBLOOTQJHlo+dh9IJ32TIe4L/RufVjXo8VCW4qr1ZvvAWu/w
dhUSNJVCNKBgOC0o11blr/5bkMrx6JdogA81qX2pVFLkJBp7hx9yWbS/w8fqBaEO
izUjNaQ+yfNVyiBfQJBlPGdUUKsG1zj+ikIfpJg1JddNeIsdt5SluT6y/bPlFM8s
wKVsrYPa/d9K7Rvn2uOQ1XHl+r/3ko5BKQCzlmWocjBxlR3X+CSWUTqmMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFIwEdJcJHxpylvyN+LLd9KOc3GMB8GA1UdIwQY
MBaAFBwqwSRqLg6pegwilbc92+AG0O0sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSENyQkpHb3VEcWw2RENLVnR6M2I0QWJRN1N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wZGU3ZTEtYmY3Zi00MzRmLTk1OTEt
OGQ0NmUwOWRmOWYzLzEvMFVqQVIwbHdrZkduS1dfSTM0c3QzMG81emNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wZGU3ZTEtYmY3Zi00MzRmLTk1OTEtOGQ0NmUwOWRmOWYz
LzEvSENyQkpHb3VEcWw2RENLVnR6M2I0QWJRN1N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpm7MA0G
CSqGSIb3DQEBCwUAA4IBAQBJ10hl9OfQFZbLxXegDopFjUT0fRH3UdKn/zyUEaUL
EcPWVWlV+IHnOm7oqjH3/PRpxgO7zm+f+RYNzTKECpNGmlDtnYNJPSsbEbyPqTJ2
5hdawTB+Om/9oDicnn0pSrNGLJWOH73FCPnYUS3mIh9F4N2f54j4V9bFeJpNnsne
ViA94EpzmO+3OqcSCRe4n6XlV1D86cwutvv/M1Y8QqSnDk3emvJkp89NzplpMtVg
g8iT7gGaWXo7/9tGYqyA/BWxFITk3rW+EumGf/kKIQixQwt9xmOUejDYEhHXt5T+
Zxgkc4ryVMWPvJ0GYjRqdNPnzo2yph7ZaNCQQg8Mh/s1
-----END CERTIFICATE-----